Privacy Policy
Version 1.2 – Last updated: March 7, 2026
Introduction
Section titled “Introduction”DigiQuip AS is responsible for processing personal information we have registered and processed in connection with your customer relationship with the company. We also process personal information in connection with previous and potential customers.
In this privacy policy, we provide you with information about the personal information we process, for what purposes we process it, what third parties are involved, information about your rights, and how we secure the information we have about you.
If you have questions about how we process your personal information, feel free to contact us.
Who is a “user”?
Section titled “Who is a “user”?”In this privacy policy, we use the term “user” to refer to anyone who uses our services, regardless of whether they have created an account. We distinguish between:
- Users with an account – individuals who have created a user account via our authentication service (Logto). No passwords are stored in our systems; we only store a reference to the account at Logto.
- Users without an account – individuals who use the services without creating an account, for example through identification via HMS card, ID photo, or Vipps.
What personal information does DigiQuip AS have about you?
Section titled “What personal information does DigiQuip AS have about you?”Personal information is any information that can be linked to you as an individual. We register information such as name, telephone number and email address on our customers’ contact persons. DigiQuip’s customer base is mainly businesses, but in cases where a private individual is a customer, address will also be registered.
User accounts
Section titled “User accounts”On our customers’ user accounts, we register usernames, first names, last names, telephone numbers, email addresses, and which customer the user is linked to. Account creation is handled by Logto, which stores the user’s email address. We only store a reference to the Logto account in our systems.
User identification
Section titled “User identification”We identify users through the following methods:
- HMS card (hmskort.no) – We use the official HMS card API to recognize individuals via the QR code on their card. We retrieve and store name, date of birth, and employer relations. We have an agreement with the responsible government authority to use this API.
- ID photo – The user can take a photo of their ID document. We look for and store name, date of birth, and nationality if found in the image.
- Vipps – We use the Vipps Login API to allow users to log in or show their QR code in the Vipps app. The user consents to sharing their name and date of birth with us via Vipps.
The Registry
Section titled “The Registry”Personal data about users is stored in our Registry and may include:
- Name and date of birth (from HMS card, ID photo, or Vipps)
- Nationality (from ID photo)
- Employer relations (from HMS card)
- Email address (optional, provided by the user to receive skill certificates)
- Skills and sign-offs (acquired through use of the services)
- Roles, tags, and group memberships (assigned by the user’s employer)
Inquiries
Section titled “Inquiries”In order to provide our customers with an efficient and good service, all inquiries will be documented in our case system. Only information that is relevant to the nature of the case will be stored in the cases.
AI features
Section titled “AI features”When users use AI features in the services, text, images, and voice may be transferred to Mistral AI for processing. Text data submitted for AI analysis is not retained after processing. For AI-based image interpretation, we store a small thumbnail of the relevant image for support and error tracking purposes; images are not permanently stored after processing. When users use voice and transcription features, voice input is processed in real-time to generate text; audio data is not retained after transcription is complete.
What does DigiQuip AS use your personal information for?
Section titled “What does DigiQuip AS use your personal information for?”DigiQuip’s personal information is mainly used to perform work in connection with our services and fulfill the contractual relationship. Personal information about contact persons for our customers is necessary to have a contact surface for good dialogue between us and our customers.
Personal information associated with our customers’ user accounts is necessary to have a unique identity on the user accounts that we can grant access and rights to. User accounts are necessary to fulfill the contract for the delivery of services. Contact information such as email address and telephone number is necessary for the services to function at a technical level, but also to assist users with support functions. Mobile phone numbers are also used for user authentication.
In some cases, personal contact information will be used to notify about service disruptions or relevant changes in the services. Registered contact persons for customers will also receive information and marketing materials related to the services offered up to 2 times per month. We rely on your feedback to work for continuous improvement of our services. This is a central part of our quality management and information security systems. Therefore, we will use name, telephone number, and email address to send you user and customer surveys up to 2 times a year, in accordance with the guidelines in the Personal Data Act § 1, cf. GDPR article 6.1 f).
AI features in the services, including text analysis, image interpretation, and voice transcription, are used to deliver the core functionality of the services. The legal basis for this processing is the fulfillment of the contract, cf. GDPR Article 6.1(b). Thumbnails from AI-based image interpretation are additionally stored for support and error tracking as part of our quality assurance. The legal basis for this is legitimate interest, cf. GDPR Article 6.1(f).
Who do we share your information with?
Section titled “Who do we share your information with?”The personal information we are responsible for processing is primarily used to fulfill the contract. In cases where third-party providers assist, contact and user information can be exchanged with these providers. No personal information will be shared with third parties for marketing purposes.
We use the following third-party data processors:
Logto – Handles authentication and account creation for users with an account. Logto stores the user’s email address. Data is processed and stored within the EU.
Vipps (MobilePay) – Used for identification and login. The user consents to sharing their name and date of birth via Vipps. Data is processed and stored in Norway.
Mistral AI – Analyses text data via large language models (LLMs) to power AI features in the services; text data is not retained after processing. Processes image data, including thumbnails, for AI-based image interpretation features; images are not permanently stored after processing. Transcribes voice input to text in real-time for voice and transcription features; audio data is not retained after transcription. Data is processed in GDPR-compliant data centers within the EU.
Linkup.so – Processes search queries when using web search features. Linkup.so does not use queries for AI training and deletes data after the service is delivered. Data is processed and stored within the EU.
We also use the official HMS card API (hmskort.no), issued by the Norwegian government, as a data source for user identification. We have an agreement with the responsible authority to use this API.
All third-party data processors are bound by Data Processing Agreements (DPAs) in accordance with GDPR and process data exclusively on behalf of DigiQuip.
Geographic storage of personal information
Section titled “Geographic storage of personal information”Your personal information is stored in our own systems, which are managed in Norway. Our systems are run by a reputable international cloud provider with distributed data centers all over the world, but are exclusively under our control.
Data processed by our third-party AI partners (Mistral AI and Linkup.so) is processed and stored in GDPR-compliant data centers within the EU.
How long do we store your personal data?
Section titled “How long do we store your personal data?”In accordance with the Personal Data Act §1, cf. GDPR Article 17, we will not store your personal data for longer than is necessary to carry out the purpose of the processing.
Personal data relating to users with an account is stored as long as the user is active. A user account will be deactivated upon termination, either by the entire customer relationship or by the individual user, and the personal data associated with the user is quarantined for 30 days after deactivation before the user is deleted.
For users without an account, personal data is stored in the Registry as long as there are skills or sign-offs associated with the person. If no activity is registered on the person for 6 months, personal data is deleted from the Registry.
In our case system, information about completed cases relating to individuals is stored as long as the customer relationship is active. Our CRM and ERP systems also store information about customers’ contact persons.
At the end of the customer relationship, registered personal data in the case system will be anonymised or deleted after 3 years, in line with the general limitation period. In the CRM and ERP systems, personal data is stored in line with §13 of the Bookkeeping Act. This information is anonymised or deleted when the mandatory retention period of 5 years has expired.
Your rights
Section titled “Your rights”You have a number of rights with regards to your personal information that we are processing as the controller. These rights include:
- Right to access your personal information (GDPR Article 15)
- Right to receive a copy of your personal information (GDPR Article 20)
- Right to object to processing (GDPR Article 21)
- Right to correct inaccurate information (GDPR Article 16)
- Right to have your personal information deleted or processing restricted (GDPR Articles 17 and 18)
If you believe we are processing your personal information without a legal basis or if you want to exercise your rights, you may contact us. Our contact information can be found on our website. We will respond to your request as soon as possible and usually within 30 days.
You may also file a complaint with the Data Protection Authority, but we ask you to contact us first so that any misunderstandings can be cleared up in the best possible way.
Changelog
Section titled “Changelog”| Version | Date | Change |
|---|---|---|
| 1.2 | March 7, 2026 | Added definition of “user” (with and without account); identification methods (HMS card, ID photo, Vipps); the Registry with data types (date of birth, nationality, employer relations, roles, tags, groups); Logto and Vipps as third-party data processors; HMS card API as data source; updated retention rules for users without an account |
| 1.1 | February 28, 2026 | Added third-party data processor disclosures for Mistral AI (text analysis via LLM, image interpretation, voice transcription) and Linkup.so (web search); added retention details, legal basis, and EU data location |
| 1.0 | February 15, 2023 | Initial version |